CSRF in Espressif Arduino-esp32
CVE-2025-53540
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF)…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.008 (73.9th percentile)
Affected products
- Espressif Arduino-esp32 — versions < 3.2.1